old virus, how to remove sedoparking redirect

Discussion in 'Windows XP Help and Support' started by denrecnoc, Apr 16, 2014.

  1. denrecnoc

    denrecnoc

    Joined:
    Mar 26, 2014
    Messages:
    32
    Likes Received:
    0
    Appears to be an older bot that affects Java scripts from any browser.

    A website, www.sedoparking.com, redirects a java scripted web page to another page requesting a renewal.

    Appears to be a fairly common virus that has been around for several years. However, Malwarebytes is unable to detect it and Superadminspyware's trial period has ended.

    Does anyone know of any freeware or trial-ware program available that can easily detect and quarantine this particular virus bot or provide information where to locate for removal?
     
    Last edited: Apr 16, 2014
    denrecnoc, Apr 16, 2014
    #1
  2. denrecnoc

    Elizabeth23

    Joined:
    Dec 10, 2012
    Messages:
    5,847
    Likes Received:
    756
    Location:
    Florida
    If you are still infected or think you might be, I can send you to the malware removal forum at Geeks to Go; I am not authorized to analyze logs here.

    http://www.geekstogo.com/forum/forum/37-virus-spyware-malware-removal/

    Read the pinned notices first before posting. The volunteers here know what programs to download and all are free and reliable.
     
    Elizabeth23, Apr 16, 2014
    #2
  3. denrecnoc

    denrecnoc

    Ok, thanks ... I don't believe I am infected from past problems. I think this may be something recent either with my LAN or the WLAN. Possibly something involved with affecting a DNS and the SAT modem.

    My Internet connection requires connection through a Sat dish, a sat modem, then a couple of routers that create a WLAN (wireless LAN) with WiFi clients.

    The IP address I am trying to access is the systemcontrolcenter for the SAT modem which is tied into the SAT Internet network. (Hughesnet)

    All their SAT customer LANs have a sat modem with a 192.168.0.1 IP address. (www.systemcontrolcenter.com) that displays modem and sat connection information.

    So far the redirect only occurs when trying to access www.systemcontrolcenter.com (using the ip address, 192.168.0.1, there is no redirect but the sat modem's webpage fails to load).

    I am trying to determine if the problem exists on my LAN, the WLAN, or the SAT modem's LAN. I tried a second PC that has not been used for a week or so and the same problem occurs. I was able to access the systemcontrolcenter in the AM ... the problem started to occur sometime yesterday afternoon (PM).

    Sat modem LAN > WLAN > LAN (for my PC)
     
    Last edited: Apr 16, 2014
    denrecnoc, Apr 16, 2014
    #3
  4. denrecnoc

    Elizabeth23

    Any redirect should be investigated; I urge you to have your PC cleaned.

    as for
    I could google for some ideas, but since I do not use wifi or a satellite connection, I would have no personal experience with these issues.
     
    Elizabeth23, Apr 16, 2014
    #4
  5. denrecnoc

    denrecnoc

    Searching the Internet produces some information about this problem, referencing sedoparking.com all the way back to 2006. None appear to be WiFi or Sat related.

    I think the problem may be a simple one, such as modifying the DNS.

    However, after googling and searching some of the malware forums, I haven't been able to find any definite answers or details.
     
    denrecnoc, Apr 16, 2014
    #5
  6. denrecnoc

    denrecnoc

    After cleaning the original PC the popup stopped, however the ip & url are unreachable.

    From a Vista laptop that's been in storage for over a month, rarely used. 192.168.0.1. (www.systemcontrolcenter.com) are also unreachable. (with or without the firewall enabled)

    The problem seems to be the DNS for accessing the ip address is somehow being blocked outside the PC's LAN.

    I will need to try accessing the modem directly and from other parts of the LAN and WLAN to see what other hardware is being affected.
     
    denrecnoc, Apr 17, 2014
    #6
  7. denrecnoc

    Elizabeth23

    When I try to go to that website, I get a blank page, and it would be blocked by my antivirus if it is malware related.

    Can you get other sites ok??

    Just this one is bad??
     
    Elizabeth23, Apr 17, 2014
    #7
  8. denrecnoc

    denrecnoc

    Here is source for the blocking / redirected webpage ..

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8">
    <style type="text/css">
    html, body, #partner, iframe {
    height:100%;
    width:100%;
    margin:0;
    padding:0;
    border:0;
    outline:0;
    font-size:100%;
    vertical-align:baseline;
    background:transparent;
    }
    body {
    overflow:hidden;
    }
    </style>
    <meta content="NOW" name="expires">
    <meta content="index, follow, all" name="GOOGLEBOT">
    <meta content="index, follow, all" name="robots">
    <!-- Following Meta-Tag fixes scaling-issues on mobile devices -->
    <meta content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" name="viewport">
    </head>
    <body>
    <div id="partner"></div>

    <script language="JavaScript">
    <!--

    function SymError()
    {
    return true;
    }

    window.onerror = SymError;

    var SymRealWinOpen = window.open;

    function SymWinOpen(url, name, attributes)
    {
    return (new Object());
    }

    window.open = SymWinOpen;

    //-->
    </script>

    <script type="text/javascript">
    document.write(
    '<script type="text/javascript" language="JavaScript"'
    + 'src="//sedoparking.com/frmpark/'
    + window.location.host + '/'
    + 'sedonewreg'
    + '/park.js">'
    + '<\/script>'
    );
    </script>
    </body>
    </html>

    <script language="JavaScript">
    <!--
    var SymRealOnLoad;
    var SymRealOnUnload;

    function SymOnUnload()
    {
    window.open = SymWinOpen;
    if(SymRealOnUnload != null)
    SymRealOnUnload();
    }

    function SymOnLoad()
    {
    if(SymRealOnLoad != null)
    SymRealOnLoad();
    window.open = SymRealWinOpen;
    SymRealOnUnload = window.onunload;
    window.onunload = SymOnUnload;
    }

    SymRealOnLoad = window.onload;
    window.onload = SymOnLoad;

    //-->
    </script>
     
    denrecnoc, Apr 17, 2014
    #8
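Added example (not part of the thread or any poster's code): a Python check for the question raised in posts #3 to #8, namely whether www.systemcontrolcenter.com still resolves to the modem at 192.168.0.1 or to a public host serving the parking loader quoted in post #8. The result labels and the 203.0.113.10 sample address are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# counts documentation ranges such as the constructed 203.0.113.10 below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Loader path copied from the page source quoted in post #8.
PARKING_MARKER = "sedoparking.com/frmpark/"
# Constructed sample: one line of that source, as saved from the browser.
SAMPLE_BODY = "+ 'src=\"//sedoparking.com/frmpark/'"


def is_lan_address(addr):
    """True if addr is inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def resolve(hostname):
    """IPv4 addresses the local resolver returns; empty list on failure."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def triage(addresses, expected_ip, body=""):
    """Classify a lookup of the modem's hostname (hypothetical labels)."""
    if not addresses:
        return "unresolved"      # no DNS answer at all
    if expected_ip in addresses:
        return "expected"        # DNS is fine; look at reachability instead
    if any(is_lan_address(a) for a in addresses):
        return "other-lan"       # name maps to a different private address
    if PARKING_MARKER in body:
        return "public-parked"   # browser reached a parked Internet domain
    return "public"              # Internet host, page content not checked


if __name__ == "__main__":
    name, modem_ip = "www.systemcontrolcenter.com", "192.168.0.1"
    print(name, "->", triage(resolve(name), modem_ip))
    print("constructed:", triage(["203.0.113.10"], modem_ip, SAMPLE_BODY))
```

Running it from each segment (PC's LAN, the WLAN, directly on the modem) shows at which hop the answer changes from "expected" to a public result.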
  9. denrecnoc

    denrecnoc

    I am able to get to other sites ok, it seems to be only the url / ip address for the sat modem.

    Anyone outside the modem's LAN on the Internet should not be able to connect. Only those on the LAN or WLAN.

    The ip/url address is similar to a router's firmware on a LAN, only sat modems are also connected to Hughesnet and/or their NOCs. It's basically an address to provide limited information for the sat user, such as download allowances and conditions of the sat connection.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #9
  10. denrecnoc

    Elizabeth23

    Have you contacted your ISP provider??

    It seems that this should come under their service.
     
    Elizabeth23, Apr 17, 2014
    #10
  11. denrecnoc

    denrecnoc

    Well yes and no, an ISP might open a case, after going through various testing procedures, and find their hardware or software "may" somehow be faulty. Even if you have evidence to the contrary or of a known problem, they usually are required to perform their own testing procedures.

    Most service contracts only cover up to your modem. If a service call is required, anything after your modem the customer is usually required to pay for the service call or have some sort of additional insurance or maintenance contract.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #11
  12. denrecnoc

    Elizabeth23

    Elizabeth23, Apr 17, 2014
    #12
  13. denrecnoc

    Elizabeth23

    Elizabeth23, Apr 17, 2014
    #13
  14. denrecnoc

    denrecnoc

    Ok, thanks for the links.

    I am looking around for another firewall and antivirus to replace my old outdated ones.

    Microsoft Security Essentials now displays a warning that MS no longer supports Windows XP.

    ____

    Yes I think this ISP does offer some technical advice, however there are several levels of tech support.

    Initially there is an overseas tech support number for basic tech support, that is based in countries such as India for example. This tech support normally will have you perform various types of basic tests such as modem resets, power on / off, etc. no matter what problem you have. This technical support is supposed to provide another technical support number (based in the US) if their tech support is unable to resolve any basic technical issues.

    There is also a community forum which offers support for some types of technical issues, from the ISP's personnel and other ISP users. The forum's technical support personnel will follow up on certain issues only if you have a technical support case number, which is only provided by the US based tech support.

    ___

    I will need to first test connections outside my wireless LAN to try and determine what part of the network the problem actually exists.
     
    Last edited: Apr 17, 2014
    denrecnoc, Apr 17, 2014
    #14
  15. denrecnoc

    Elizabeth23

    Okay, and if you find a solution, please post it for anyone else who may have the same issue. Thanks, sorry I could not be very helpful.
     
    Elizabeth23, Apr 17, 2014
    #15
  16. denrecnoc

    denrecnoc

    After uninstalling the old firewall and antivirus, I installed 360 and it seems to be working ok. However there is no firewall. What do you use for a firewall when using 360?
     
    denrecnoc, Apr 18, 2014
    #16
  17. denrecnoc

    Elizabeth23

    I use Windows' built-in firewall.
     
    Elizabeth23, Apr 18, 2014
    #17
  18. denrecnoc

    denrecnoc

    I guess that works ok. I was running a Symantec Firewall along with the Windows built-in Firewall.

    On another machine I was thinking of installing Avast?

    So you run both the Windows Firewall and Avast on the same PC?
     
    denrecnoc, Apr 18, 2014
    #18
  19. denrecnoc

    Elizabeth23

    Yes, because the free Avast does not come with a firewall. XP's firewall is enough along with a good antivirus. :)

    You should only have one firewall; if you use other than Windows, you should disable Windows Firewall.
     
    Elizabeth23, Apr 18, 2014
    #19
  20. denrecnoc

    denrecnoc


    Ok, well perhaps a re-install of the outdated Symantec Firewall, then disabling the Windows Firewall would be a better option. Symantec (a business edition) has many other configuration options, privacy settings, ad blockers, etc. when compared to the Windows Firewall.

    I did download a free Comodo firewall, I am wondering how this firewall compares to either the outdated Symantec or Windows Firewalls.
     
    denrecnoc, Apr 18, 2014
    #20